In this module, you will learn how data frames are created and processed by hosts and switches will be explained. You will also learn what protocols and network designs are needed to transmit data in a network. At the end of this module, you will use a protocol analyzer or “packet sniffer” to open and examine a data packet that has been transmitted across a network.
在该模块,你将学到主机如何创建和处理数据帧以及如何解释交换机这一概念。你还将学到在网络中传输数据所需的协议和网络设计。在本模块最后,你将使用协议分析器或“数据包(分组)嗅探器”打开并检查已通过网络进行传输的数据包。
Week2
1. Preparing Data for Transmission
1.1 Reading: Encapsulation
类比人类活动中的写信这一动作,引入封装概念。网络上的通信同样需要遵循特定的格式来进行发送和处理。
The process of placing one message format [the letter] inside another message format (the envelope) is called encapsulation.
每条计算机消息在发送前都以特定的格式进行封装,叫做帧。 一个帧就像一个信封一样,提供了预期目标和源主机的地址。帧的格式与内容取决于发送消息的类型以及通信的通道。如果消息不正确格式化它将不会被目标主机所接收处理。
以下动画展示了解封装的过程。
1.2 Framing the Message
以太网协议标准定义了网络通信的许多方面,包括帧的格式、帧的大小、时序以及编码。
以太网间的主机之间发送消息时,主机会按指定标准将消息格式化为帧布局。帧也被称为第二层的协议数据单元。这是因为提供帧创建和格式化规则的协议执行在OSI模型的数据链路层(即第二层)的功能。
以太网帧的格式指定了目标MAC地址和源MAC地址的位置,以及其他信息,包括:
- Preamble(前同步码) for sequencing and timing
- Start of frame delimiter
- Length and type of frame
- Frame check sequence to detect transmission errors
从目标MAC地址字段到帧检查序列,以太网帧的大小通常限制为最大1518字节,最小大小为64字节。
前同步码和SFD用于指示帧的开始。它们不用于帧大小的计算。不符合这些限制的帧不被接收主机处理。 除了帧格式,大小和时序外,以太网标准还定义了构成帧的比特如何编码到信道上。比特可以通过铜电缆传输电脉冲,也可以通过光纤传输光脉冲。
查看以下信息以简要了解框架中的每个字段。
Preamble- Defined pattern of alternating 1 and 0 bits used to synchronize timing.
用于使NIC卡(接收NIC)与电缆上的位同步。SFD- Marks the end of the timing information and start of the frame. 向接收的网卡指示 重要的信息在此之后???Destination MAC Address- The Destination MAC Address field contains the destination MAC address [receiver]. The destination MAC address can be unicast 单播 (a specific host), multicast 多播 (a group of hosts), or broadcast 广播 (all hosts on the local network).(什么意思??)Source MAC Address- The Source MAC Address field contains the source MAC address (sender). This is the unicast address of the Ethernet host that transmitted the frame.Length / Type- The Length/Type field supports two different uses. A type value indicates which protocol will receive the data. The length indicates the number of bytes of data that follows this field.Encapsulated Data- The Data field contains the packet of information being sent. Ethernet requires each frame to be between 64 and 1518 bytes.(虚拟局域网可达1522字节,此处不做讨论)FCS- The FCS contains a 4-byte value that is created by the device that sends data and is recalculated by the destination device to check for damaged frames.
维基百科: PDU维基百科
在OSI模型系统里,PDU和最底下四层相关。
物理层(一层)PDU指数据位(Bit)。
数据链路层(二层)PDU指数据帧(Frame)。
网络层(三层)PDU指数据包(Packet)。
传输层(四层)PDU指数据段(Segment)。2. The Building Blocks of Ethernet Networks
2.1 Reading: Why Networks Need Hierarchical Design???
问题导向型学习!
Imagine how difficult communication would be if the only way to send a message to someone was to use the person’s name. If there were no street addresses, cities, towns, or country boundaries, delivering a message to a specific person across the world would be nearly impossible.
如果发消息给某人的唯一方式是使用某人的姓名,没有街道地址、城市、乡镇、国界,那在世界间相互通信将会成为一件很困难的事。
On an Ethernet network, the host MAC address is similar to a person’s name. A MAC address indicates the individual identity of a specific host, but it does not indicate where on the network the host is located. If all hosts on the Internet (millions and millions of them) were each identified by only their unique MAC address, imagine how difficult it would be to locate a single one.
Reason 1: 在以太网网络中,主机的MAC地址类似于一个人的姓名。用来辨认特定主机的身份信息,但是它并不能指示网络中这个主机的位置所在。因此,如果网络上的主机只通过MAC地址来辨别的话, 定位一台主机的位置将十分困难。
Additionally, Ethernet technology generates a large amount of broadcast traffic in order for hosts to communicate. Broadcasts are sent to all hosts within a single network. Broadcasts consume bandwidth and slow network performance. What would happen if the millions of hosts attached to the Internet were all in one Ethernet network and were using broadcasts?
Reason 2: 以太网技术为了寻找主机进行通信会产生大量广播流量。广播既消耗带宽也会降低网络表现。因此,所有连接到网络上的主机都在一个以太网环境下并都使用广播进行通信 这是不现实的!
For these two reasons, large Ethernet networks consisting of many hosts are not efficient. It is better to divide larger networks into smaller, more manageable pieces. One way to divide larger networks is to use a hierarchical design model.
因此,使用分层设计模型来划分大型网络更为高效,便于管理。
View the set of graphics below to see an example of how our physical addresses are part of a hierarchical design that is divided into smaller, more manageable pieces.
2.2 Benefits of a Hierarchical Design
In networking, hierarchical design is used to group devices into multiple networks that are organized in a layered approach. This method of designing networks consists of smaller, more manageable groups that allow local traffic to remain local. Only traffic that is destined for other networks is moved to a higher layer.
分层设计将设备分组到以分层方式组织的多个网络中。这种设计网络的方法由更小、更易于管理的组组成。这些组允许本地流量留在本地,只有那些发送到其他网络的流量才会被转发到更高的层次。
分层设计提高效率、优化功能、提高速度。可以根据需要扩展网络,在不影响现有网络性能的前提下添加额外的本地网络。
分层设计有三个基本层次:
- Access Layer – This layer provides connections to hosts in a local Ethernet network.
- Distribution Layer – This layer interconnects the smaller local networks.
- Core Layer – This layer provides a high-speed connection between distribution layer devices.
访问层 —— 提供到本地以太网网络中的主机的连接
分布层 —— 将较小的本地网络互联
核心层 —— 提供分布层设备间的高速连接
With a hierarchical design, there is a need for a logical addressing scheme that can identify the location of a host. The most common addressing scheme on the Internet is Internet Protocol version 4 (IPv4). Internet Protocol version 6 (IPv6) is the network layer protocol currently being implemented as a replacement to IPv4. IPv4 and IPv6 will coexist for the foreseeable future. From this point on in this course, the term IP will refer to both IPv4 and IPv6.
在分层设计中,需要一种能够识别主机位置的逻辑寻址方案。Internet上最常见的寻址方案是Internet协议版本4 (IPv4)。Internet协议版本6 (IPv6)是目前正在实现的网络层协议,作为IPv4的替代品。在可预见的未来,IPv4和IPv6将会共存。从这一点在本课程中,术语IP将指IPv4和IPv6。
Q:网络中的位置还是实际的物理位置???维基百科: 分层网络模型
3. Logical Addressing
3.1 Physical & Logical Addresses
A person’s name usually does not change. A person’s address on the other hand, relates to where they live and can change. On a host, the MAC address does not change; it is physically assigned to the host NIC and is known as the physical address. The physical address remains the same regardless of where the host is placed on the network.
一个人的姓名通常不会改变,而一个人的地址通常与他们所居住的地方相关而且会改变。在主机上,MAC地址(物理地址)不会改变,他被物理地分配到主机的网卡上。无论主机被放置在网络的何处,物理地址始终不变。
The IP address is similar to the address of a person. It is known as a logical address because it is assigned logically based on where the host is located. The IP address, or network address, is assigned to each host by a network administrator based on the local network.
IP 地址(逻辑地址)则类似于你的地址,因为它基于你主机的位置来进行分配。IP地址,或者说网络地址,由本地网络的网络管理员来分配给每个主机。
IP addresses contain two parts. One part identifies the local network. The network portion of the IP address will be the same for all hosts connected to the same local network. The second part of the IP address identifies the individual host. Within the same local network, the host portion of the IP address is unique to each host.
IP 地址包含两个部分。一部分用来标识本地网络。IP地址的网络部分对于连接到相同本地网络的所有主机来说都是相同的。第二部分用来标识单个主机,在相同的本地网络环境下,IP地址的主机部分都是唯一的。
Both the physical MAC and logical IP addresses are required for a computer to communicate on a hierarchical network, just like both the name and address of a person are required to send a letter.
计算机在分层网络中进行通信,物理地址和逻辑地址都是必需的。就像写信一样,需要一个人姓名和地址。
观察下图:
假设 我们将数据包从H3发送到H8,它将使用IPv4地址进行通信。源IP地址为 192.168.200.3 ,目标地址为192.168.1.4.这些地址是保持不变的(通信过程中改变了怎么办??)。
那么MAC地址有什么用呢?目标MAC地址用于传送封装的数据包,以太网帧从H3到路由器。以太网帧携带的IPv4数据包有一个H3网卡相关联的源MAC地址。目的MAC地址将是该网络上路由器接口的MAC地址。一旦数据包在以太网帧中被送到路由器中,路由器将会移除以太网帧。之后它将会查看数据包中的目标IPv4地址,在路由表中查找。并将该数据包转发到另一个192.168.1.0网络。它将被封装在新的以太网帧中。源MAC地址将是路由器的以太网接口,目标MAC。该地址将是主机H8的NIC卡的地址。这里的关键是IP地址。 数据包中的目标IPv4地址始终保持不变。而以太网中的MAC则会随着网络的变化而变化(因为设备变化了呀)。
对于网络专业人员,重要的是要了解逻辑地址用于端到端传递,以及如何在网络中使用物理地址(在本例中为以太网MAC地址)进行传递。
挺有意思的,IP地址是不断变化的,因为由网络管理员进行分配,定时更换。同时,他也是固定的,在网络中发送数据包,源和目标IP地址固定。MAC地址正好相反。。。。
3.2 Video: Examining Network Information on My Device
查看网络IP配置
4. Starting with a Good Design
4.1 Reading: Access, Distribution and Core
IP traffic is managed based on the characteristics and devices associated with each of the three layers of the hierarchical network design model: Access, Distribution and Core.
IP流量是根据与分层网络设计模型的三层中的每一层相关的特性和设备进行管理的:访问,分发和核心。
Access Layer
The access layer provides a connection point for end user devices to the network and allows multiple hosts to connect to other hosts through a network device, usually a switch or access point. Typically, all devices within a single access layer will have the same network portion of the IP address.
访问层提供终端设备到网络的连接,允许多个主机通过网络设备与其他主机互联,通常是一个交换机或者接入点。典型地,在单个访问层中的所有设备将会拥有相同的IP地址网络部分。
If a message is destined for a local host, based on the network portion of the IP address, the message remains local. If it is destined for a different network, it is passed up to the distribution layer. Switches provide the connection to the distribution layer devices, usually a router.
如果消息时发往本地主机,基于IP地址的网络部分,消息将留在本地。而如果消息发往其他网络,他将会去往分布层。交换机提供了到分布层设备(通常是路由器)的连接。
Distribution Layer
The distribution layer provides a connection point for separate networks and controls the flow of information between the networks. It typically contains more powerful switches than the access layer as well as routers for routing between networks. Distribution layer devices control the type and amount of traffic that flows from the access layer to the core layer.
分布层提供了各个独立网络的连接点,控制网络间信息的流动。它通常包含比访问层更强大的交换机。以及用于网络间路由的路由器。分布层设备控制了从访问层到核心层流量的类型和总量。
Core Layer
The core layer is a high-speed backbone layer with redundant (backup) connections. It is responsible for transporting large amounts of data between multiple end networks. Core layer devices typically include very powerful, high-speed switches and routers. The main goal of the core layer is to transport data quickly.
核心层是具有冗余?(备份)连接的告诉主干层。他负责在多个终端网络之间传输大量数据。核心层设备通常包括功能非常强大的高速交换机和路由器。核心层的主要目标是:快速传输数据。
The figure below shows the devices most likely to be found in or associated with each layer.
4.2 Reading: Access Layer Devices
略
4.3 Reading: Ethernet Hubs
最初的以太网以一条电缆连接所有主机,类似于有线电视连到你家的方式。网络中的所有用户共享带宽。
随着以太网变得流行,这种方案变得不切实际。工程师开发了一种不同类型的网络技术,使连接和重新连接多个设备到网络变得更容易。第一类网络设备是以太网集线器。
集线器包含多个端口集线器包含多个端口,这些端口用于将主机连接到网络。集线器是简单的设备,没有必要的电子设备来解码网络上主机之间发送的消息。集线器无法确定哪个主机应收到任何特定消息。集线器仅从一个端口接收电子信号,并在所有其他端口中重新生成(或重复)同一消息。集线器上连接的所有主机共享带宽,并且将接收到该消息。主机会忽略未发送给他们的消息。只有在消息的目标地址中指定的主机才能处理消息并响应发件人。
一次只能通过以太网集线器发送一条消息。连接到集线器的两个或更多主机可能尝试同时发送消息。如果发生这种情况,组成消息的电子信号将在集线器上相互碰撞。这称为碰撞。主机无法读取该消息,必须重新传输。主机可以接收冲突产生的乱码消息的网络区域称为冲突域。由于过多的重传会阻塞网络并降低网络流量,因此现在认为集线器已过时,并且已被以太网交换机取代!!!。
观看下面的动画,了解设备如何处理使用集线器的网络上广播的信息。
拓展
5. Building a Better Access Layer
5.1 Ethernet Switches
以太网交换机通常被用于接入层。当一个主机发送消息到连接在同一个交换机网络中的其他主机时,交换机接收并解码以太网帧,读取MAC地址部分。
交换机内有一个MAC地址表,包含了一连串的激活端口以及连接到它们的主机MAC地址。当消息在主机间发送时,交换机检查目的MAC地址是否在表中。如果在,交换机将会在源端口和目标端口间建立一个称为电路的临时连接。 这个新电路提供了两个主机可以通过其通信的专用通道。连接到交换机的其他主机不在此通道上共享带宽,也不会接受未寻址到它们的消息。主机之间的每个新会话都会建立一个新电路。这些独立的电路允许多对话同时发生,且不会发生冲突!以太网交换机还允许通过同一根以太网电缆同时发送和接收帧。通过消除冲突,可以提高网络的性能。
5.2 MAC Address Tables
Q: 如果交换机收到一条帧指向一个未在MAC地址表中记录的新主机怎么办呢???
A:如果MAC地址表中无记录的话,交换机没有足够的信息去创建单独的电路。而当交换机无法决定目的主机所在时,它将使用一种称为泛洪的进程将消息转发到除发送主机之外的所有附加主机。每个主机将消息中的目标MAC地址与它自己的MAC地址进行比较,但是只有具有正确目标地址的主机才能处理消息并响应发送方。
新主机的MAC地址如何进入MAC地址表呢?交换机通过检查主机之间发送的每个帧的源MAC地址来构建MAC地址表。当新的主机发送消息或者响应泛洪消息时,交换机会立即获知其MAC地址和其连接的端口(端口已知的,先看看源MAC地址在不在MAC地址表里,若不在,添加到端口对应的MAC地址栏)。(牛啤)每次交换机读取新的源MAC地址时,该表都会动态更新。通过这种方式,交换机可以快速了解所有连接的主机的MAC地址。
Q: 添加的都是源MAC地址?观看以下动画来了解交换机中的MAC地址表以及交换机如何获取新的主机。
PS : 交换机转发消息 在 数据链路层。
Q: 以太网帧将目标地址放在前面是为了便于广播比较吗?参考视频: 交换机如何创建MAC地址表:三种可能的转发情况
6. Containing Broadcasts
6.1 What are Broadcasts Anyway?
当主机需要查找信息而又不确切地知道其他主机可以提供什么信息,或者主机希望及时向同一网络中的所有其他主机提供信息时,广播会非常有用。
Q: 一条消息只能包含一个目标MAC地址,那么对于一个主机来说,怎么才能够在不向每个单独的MAC发送单独消息的情况下与本地网络上的所有其他主机进行通信呢???(好问题啊!!!)
为了解决这一问题,广播消息将会发送到所有主机都可以识别的唯一MAC地址。广播MAC地址实际上是由全1组成的48位地址。而由于MAC地址的长度,通常用十六进制表示。十六进制表示形式的广播MAC地址为 FFFF.FFFF.FFFF
PS: 路由器不会转发广播6.2 Broadcast Domains
When a host receives a message addressed to the broadcast address, it accepts and processes the message as though the message was addressed directly to it. When a host sends a broadcast message, switches forward the message to every connected host within the same local network. For this reason, a local area network, a network with one or more Ethernet switches, is also referred to as a broadcast domain.
当主机接收到该广播地址的消息时,它将接收并处理该消息,就好像该消息被直接寻址到它一样。当主机发送广播消息时,交换机负责转发给局域网内每个已连的主机。因此,局域网(具有一个或多个以太网交换机的网络)也被称为广播域。
If too many hosts are connected to the same broadcast domain, broadcast traffic can become excessive. The number of hosts and the amount of network traffic that can be supported on the local network is limited by the capabilities of the switches used to connect them. As the network grows and more hosts are added, network traffic, including broadcast traffic, increases. To improve performance, it is often necessary to divide one local network into multiple networks, or broadcast domains, as shown in the figure. Routers are used to divide the network into multiple broadcast domains.
如果太多主机o连接到同一广播域,则广播流量可能会变得过多。本地网络上可以支持的主机和网络流量受连接它们的交换机功能的限制。随着网络的增长和更多主机的添加,包括广播流量在内的网络流量将增加。为了提高性能,通常需要将一个局域网划分为多个网络或者说广播域,如图所示,路由器用于将网络划分为多个广播域。
6.3 Communicating at the Access Layer
在本地以太网上,如果目标地址是广播MAC地址,或者与NIC的MAC地址相对应,那么NIC则接受该帧。
但是,大多数网络应用程序都依靠逻辑目标IP地址来标识服务器和客户端的位置。下图说明了如果发送主机仅具有目标主机的逻辑IP地址会出现的问题。发送主机如何确定要在帧中放置哪个目标MAC地址呢???
发送主机可以使用称为地址解析协议(ARP) 的IPv4协议来发现同一本地网络上任何主机的MAC地址。IPv6则使用一种称为邻居发现的类似方法。
6.4 How ARP Works
ARP uses a three step process to discover and store the MAC address of a host on the local network when only the IPv4 address of the host is known.
当只知道主机的IPv4地址时,ARP使用三个步骤来发现并存储局域网上的主机MAC地址。
- The sending host creates and sends a frame addressed to a broadcast MAC address. Contained in the frame is a message with the IPv4 address of the intended destination host.
发送主机创建并发送一个寻址到广播MAC地址的帧。帧内部有包含目标主机的IPv4地址的消息。
- Each host on the network receives the broadcast frame and compares the IPv4 address inside the message with its configured IPv4 address. The host with the matching IPv4 address sends its MAC address back to the original sending host.
网络上的每个主机接收广播帧,并将消息内的IPv4地址与其配置的IPv4地址进行比较。相匹配的主机将其MAC地址发送回原始发送主机。
- The sending host receives the message and stores the MAC address and IPv4 address information in a table called an ARP table.
发送主机接收消息并将MAC地址和IPv4地址信息存储在一个名为ARP表的表中。
When the sending host has the MAC address of the destination host in its ARP table, it can send frames directly to the destination without doing an ARP request. Because ARP messages rely on broadcast frames to deliver the requests, all hosts in the local IPv4 network must be in the same broadcast domain.
当发送主机在其路由表中有目标主机的MAC地址时,它就能直接将数据帧发送给目标主机而不需要做ARP请求。因为ARP消息依赖于广播帧来发送请求,本地IPv4网络中的所有主机必须在同一个广播域内。
Watch the animation below to see a simplified example of the ARP process.
PS:路由器不会对以太网广播进行转发,ARP请求保留在本地网络中。
